CVE-2021-25327

Name of the Vulnerable Software and Affected Versions: Skyworth Digital Technology RN510 version 3.1.0.4

Description: The issue is related to a cross-site request forgery (CSRF) vulnerability in the /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp API endpoints. This vulnerability can lead to XSRF due to missing CSRF protection, and these pages are also vulnerable to cross-site scripting (XSS).

Recommendations: For Skyworth Digital Technology RN510 version 3.1.0.4, consider disabling access to the /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp API endpoints until a patch is available. Restricting access to these endpoints can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.